Orbit Feature
Multi-Tenant Isolation
Complete data isolation with dedicated resources per tenant, role-based access control, and zero-trust security for enterprise-grade multi-tenant operations.
How Multi-Tenant Isolation Works
Dedicated Resources
Each tenant operates with dedicated compute, storage, and network resources. No resource sharing between tenants eliminates noisy neighbor problems.
Data Separation
Complete database isolation with separate schemas per tenant. Data never crosses tenant boundaries, ensuring privacy and compliance.
Identity Realms
Keycloak realms provide complete identity separation. Each tenant has its own user directory, groups, and authentication configuration.
Namespace Isolation
Resource isolation boundaries provide complete separation of pods, services, and storage per tenant. Network policies restrict communication with support for Kubernetes, OpenShift, or in-house infrastructure.
Security Features
Zero-Trust Architecture
Every access request is authenticated and authorized. No implicit trust between components, even within the same tenant environment.
Role-Based Access Control
Fine-grained permissions based on user roles and group memberships. Users only access resources relevant to their responsibilities.
Audit Trails
Complete logging of all access and operations. Every action is traceable to specific users with timestamps and full context.
Network Isolation
Network policies restrict communication between namespaces. Tenants cannot access each other's services or internal endpoints.
Example Use Cases
Multi-Tenant SaaS Platform
SaaS providers serve multiple customers from a single infrastructure with complete data isolation, dedicated resources per customer, and role-based access control.
Enterprise Multi-Environment
Enterprises manage development, staging, and production environments with namespace isolation, resource quotas, and automated deployment pipelines.
High-Security Operations
Organizations operate with zero-trust security, complete audit trails, and multi-level approval workflows for sensitive operations.
Related Features
Realms
Keycloak-based identity domains that provide complete separation of users, groups, and permissions per tenant.
Learn more →Namespaces
OpenShift resource isolation boundaries that provide complete separation of pods, services, and storage per tenant.
Learn more →Security Model
Data isolation and security model that ensures zero-trust architecture with complete audit trails and compliance reporting.
Learn more →